We open-sourced the toolkit we use to build verifiable TEE applications on AWS Nitro Enclaves.

Problem: TEEs provide hardware isolation, but without public attestation, users have no practical way to verify what code is actually running.

Nova Stack provides the full pipeline:

* Enclaver – build/run Nitro Enclave apps

* App Hub – CI/CD with SLSA Level 3 signed builds

* App Registry – on-chain registration with ZKP-verified attestations

* ZKP CLI – generate proofs and register on-chain

Everything is open source. We use this in production.

Happy to answer questions on TEE architecture, ZKP verification, or Nitro quirks.